Jan 16 2020 02:59 AM
"The security policy prevents the creation of a managed device because a custom OS is or has been installed on this device"
But the device is not rooted, it was forcefully removed from the portal.
Anyone has an idea to resolve this issue?
Jan 16 2020 06:14 AM
@iMadushaN Is there a Custom ROM installed on the device?
Jan 16 2020 09:41 AM
@iMadushaN What brand/model of device is it? Was it previously enrolled in your Intune tenant? Was it previously enrolled using a different method? (Device Admin, Fully Managed, etc.) Was the previous device registration removed from Intune prior to enrolling?
Jan 16 2020 12:31 PM
Which model you a re using and which version? is that OS version shows some different name other than android version which is not readable by intune like MIUI or ONEUI in device details which might me causing the issue?@iMadushaN
Jan 26 2020 11:19 PM
Jan 27 2020 12:39 AM
@I_am_Rajesh Hi, Please refer attached.
Jan 27 2020 08:35 AM
@iMadushaNIssue seems to be very strange because Device was working fine previously with Intune.
I think you had already tried this but just for checking you can try this step if not done already.
---- Have you used Serial Number or IMEI no for enrollment ? i think you must have tried with both but in case not than just use either one like if IMEI than re enroll using SN and Vice Versa.
I am not sure and also this could be not an issue but i think Intune is reading Samsung Experience 9.5 as custom OS instead of Android version.
Also once you can try to hard reset to factory setting if its allowed or feasible for you.
Feb 27 2020 01:00 PM
I have the same issue happening on multiple Samsung devices. I have the default enrollment method set to work profiles. As people re-enroll they are converted from device administrator.
Within the last month I have seen these issues.
Mar 12 2020 12:58 PM
has this issue been resolved ? if not can you try disabling or removing knox app from samsung device and see if it works @iMadushaN
Mar 25 2020 09:32 PM
@iMadushaN Did you ever find a solution for this? I am running into this same issue with another endpoint management solution.
Mar 27 2020 01:17 AM
So they are first enrolled in work profile, then enrolled into DA.
Are they trying to use the Samsung 'Mail' app?
Apr 01 2020 09:00 AM
@Thijs LecomteNope its new device and we have enrolled 1st time (AE), for mail app -- ans is No because Intune portal configuration itself blocking with error so unable to proceed further
Apr 13 2020 03:33 PM
@iMadushaN
I was working on a case like this one and I stumbled with the following Samsung Official Documentation:
https://support.samsungknox.com/hc/en-us/articles/115013719548
https://support.samsungknox.com/hc/en-us/articles/360039680233-Knox-Cloud-Services-KCS-solutions-do-...
Refer to The documentation above:
This flag is a security feature that detects if unofficial software has been installed on your phone. This helps prevent malicious attempts from accessing your data.
The Knox Warranty Bit detects if a non-Knox kernel has been loaded on the device. It is a one-time programmable bit e-fuse, which can only be turned from 0X0 to 0X1 (i.e. tripped). If a non-Knox boot loader or kernel has been installed on the device, Knox can no longer guarantee the security of the Knox container. As a result, the Warranty Bit is tripped to 0X1…
If the Knox bit has tripped:
May 22 2020 02:19 PM
@Estivengsv After working with my companies IT people, they have informed me that this is an issue with Android 10.
Intune worked on my device previously, but after a large update my work associated apps (Teams & Outlook) no longer updated and directed me to install Intune Company Portal that was already installed on my phone.
I have a Samsung Galaxy S10 Plus
Phone Software Details:
I uninstalled Company Portal, Outlook and Teams, restarted my phone and then downloaded Company Portal to start over fresh. I logged in with my company username and password and tried to create a new "Work profile". However, every time the profile creation would fail I would get the same error:
After a few more attempts I broke down and went to IT.
They told me the following;
"The custom OS error has to do with a ROM variant the Android put out the Microsoft reads as non-standard. Microsoft is supposed to be releasing an update for InTune Company Portal to address this, but they haven't yet. It's an issue w/ Android 10. They can't fix it without pushing a whole new ROM (and we all know how long it takes Samsung to push Android updates), and MS can easily fix it (allegedly)."
So for now I am unable to use Teams or Outlook on my device. Hopefully I will hear more about this supposed update when IT learns a bit more.
Hope this helps anyone else out there experiencing the same thing.
Jun 25 2020 11:27 AM
@rgildersleeveI had same problem with Enterprise Enrollment on Samsung Tab S5e. The solution was to upgrade the device to latest Firmware. I had to flash with Odin-Tool. After that it worked like a charm.
Aug 12 2020 01:00 AM
Aug 14 2020 08:32 AM
Ya! its a problem with few samsung device due to Knox security and its limitation@fajarslatif
below is few link which will help you out on few KNOX limitation.
https://support.samsungknox.com/hc/en-us/articles/115013719548
Sep 14 2020 11:25 AM
@I_am_Rajesh Is this as in forever. I purchased a second hand Galaxy S10+ not knowing about Knox. It has stock firmwhere on it. I have also re-flashed the original stock firmware via Odin to make sure and I am unable to install InTune. It said the Knox bit us 0x01 so looks like it has custom firmware in the past.
I bought this to be a work phone. This is stupid. Is there ANYWAY I can get round this?